Overview
Industrial Edge Hub
Industrial Edge Hub
- Setup
- Operation
  Operation
  - Sign Up
  - Log in and sign out
  - Home
  - Application Provisioning
    Application Provisioning
    
    Hub to Hub transfer
  - Product Management
    Product Management
    
    Overview
  - Library
    Library
    
    Library
    
    Copying an app to IEM instances
    
    Purchasing an app
  - License Management
    License Management
    
    Overview
    
    Purchased licenses
    
    Managing licenses
    
    Download license inventory
  - IEM Instances
    IEM Instances
    
    IEM Instances
    
    Managing IEM instances
  - Download Software
  - User Management
    User Management
    
    Overview
    
    Inviting a new user
    
    Managing user roles
    
    User roles
  - Hub Settings
    Hub Settings
    
    Overview
    
    Renaming hub display names
  - Notification Settings
  - Switching hub
  - Cancelling an IE Hub Subscription
  - Customer Feedback
Industrial Edge Management
Industrial Edge Management
- IEM Overview
- Setup and operate
  Setup and operate
  - IEM Virtual
    IEM Virtual
    
    Setup
    Setup
    
    General requirements
    
    Setup steps
    
    Download the OVA Package
    
    Deploy the Virtual Machine
    Deploy the Virtual Machine
    
    VMware Workstation
    
    VMware ESXi Server
    
    Provision the IEM Virtual
    
    Operation
    Operation
    
    Network configuration via console
    
    Service & maintenance
    Service & maintenance
    
    Overview
    
    Login
    
    UI
    
    Download log files
    
    Security considerations
  - IEM Cloud
    IEM Cloud
    
    Setup
    Setup
    
    Creating the IEM Cloud Instance
    
    Revealing the initial user passwords
    
    Operation
    Operation
    
    Update
    
    Delete
  - IEM Pro
    IEM Pro
    
    Introduction
    Introduction
    
    Overview
    
    Architecture
    
    General Requirements
    
    Setup
    Setup
    
    Setup Cluster
    Setup Cluster
    
    Setup Cluster
    
    Using kOps
    Using kOps
    
    Introduction
    
    Prerequisites
    
    Creating pro Cluster
    
    Adjusting created Security Groups
    
    Using minikube
    
    Using Docker Desktop
    
    Using K3s
    
    Using openshift
    
    Deploying IEM Pro
    
    Extensions
    Extensions
    
    Logging & Monitoring
    
    Device Catalog
    
    Uninstalling IEM Pro
    
    Operation
    Operation
    
    Proxy Settings
    
    TLS Certificate
    
    IE Gateway
    
    Monitoring
    
    Planning capacity
    
    Backup & Restore
    Backup & Restore
    
    Industrial Edge Management
    
    Provisioning CLI
    Provisioning CLI
    
    Overview
    
    Installation
    
    Selecting an IEM Pro Instance
    
    Configuration Input
    
    Importing and Exporting Configuration
    
    Configuration Files
    
    Configuration Stored in Cluster
    
    Interaction with Helm CLI
    
    Configure Service Mesh
  - IEM OS (deprecated)
    IEM OS (deprecated)
    
    Setup
    Setup
    
    Setup steps
    
    Downloading the Industrial Edge Management OS
    
    Creating an IEM instance and downloading the configuration file
    
    VMware Workstation
    VMware Workstation
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Oracle VirtualBox
    Oracle VirtualBox
    
    Creating the VM
    
    Configuring the VM
    
    Installing the Industrial Edge Management OS
    
    VMware ESXi
    VMware ESXi
    
    Creating and configuring the VM
    
    Installing the Industrial Edge Management OS
    
    Configuring the Industrial Edge Management
    
    Activating & Installing the Industrial Edge Management
    Activating & Installing the Industrial Edge Management
    
    Activating the Industrial Edge Management
    
    Installing the Industrial Edge Management
    
    Settings
    Settings
    
    Settings
    
    Editing network settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading system logs
    
    Adding an NTP server
    
    Certificate requirements
    
    Installing configurators
    
    Adding a relay server
    
    Operation
    Operation
    
    Overview
    
    Sign up
    
    Log in
    
    Reset password
    
    Home
    Home
    
    Home
    
    User profile
    
    Storage Manager service
    
    Catalog
    
    Statistics
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    Settings
    Settings
    
    Settings
    
    Alerts
    
    Configuration
    
    Connectivity
    
    Storage
    Storage
    
    Storage
    
    Adding additional storage to the IEM
    Adding additional storage to the IEM
    
    IEM
    
    Oracle
    
    VMWare
    
    VMWare esxi
    
    System
    System
    
    System
    
    Adding and editing NTP servers
    
    Members
    
    Backup and restore
    Backup and restore
    
    Creating a backup of the IEM OS
    Creating a backup of the IEM OS
    
    via VM Workstation
    
    via Oracle
    
    Restoring the IEM OS from a backup
    Restoring the IEM OS from a backup
    
    via VM Workstation
    
    via Oracle
    
    Industrial Edge Management Services
    Industrial Edge Management Services
    
    Overview
    
    Service to Backup & Restore Edge Devices
    Service to Backup & Restore Edge Devices
    
    Overview
    
    Installation
    
    Update
    
    Configuration
    Configuration
    
    Configuration
    
    Storage size
    
    Monitoring service
    
    Backup devices
    
    Restore devices
    
    Compatibility
- Utilize
  Utilize
  - Launchpad
  - Navigation
    Navigation
    
    Top navigation
    
    Sign up & Navigation (Previous design)
    Sign up & Navigation (Previous design)
    
    Sign up
    
    Log in and sign out
    
    Reset password
    
    Home page
    
    Alerts
    
    User profile
    
    Navigation
  - Applications
    Applications
    
    Management Applications
    
    Pre-Provisioned Applications
    
    Device Applications
    
    Upload Device Applications
    
    Install Device Applications
    
    Update Device Applications
    
    Catalog (Previous design)
    Catalog (Previous design)
    
    Overview
    
    Importing Edge Apps
    
    Installing an app from the catalog
    
    My Installed Apps (Previous design)
    My Installed Apps (Previous design)
    
    Overview
    
    Managing an app
    
    Scheduling an app job
  - Devices
    Devices
    
    Device overview
    
    Device onboarding
    Device onboarding
    
    Overview
    
    Device configuration
    
    Device onboarding
    
    Device configuration (legacy user interface)
    Device configuration (legacy user interface)
    
    Creating the Edge Device configuration file
    
    New Edge Device - Parameters
    
    Layer 2 network access
    
    Configuring a Layer 2 network access
    
    Settings
    Settings
    
    Editing network and Layer 2 network access settings
    
    Setting up a proxy server
    
    Configuring the Docker network
    
    Downloading logs
    
    Adding an NTP Server
    
    Secure Connection
    
    Device details
    Device details
    
    Details
    
    Settings
    Settings
    
    Memory limit check
    
    Certificate
    
    Streaming logs
    
    Firmware Artifact Storage Management
    
    Logging
    Logging
    
    Overview
    
    Editing log settings
    
    Device logs
    
    Application logs
    
    Backup & Restore
    Backup & Restore
    
    Configuration
    
    Backup devices
    
    Restore devices
    
    Compatibility
    
    Monitoring Service
    
    Identity federation
    Identity federation
    
    Configuration
    
    Known Issues
    
    Edge Devices (Previous design)
    Edge Devices (Previous design)
    
    Overview
    
    Managing labels
    
    Checking statistics
    
    Removing an Edge Device
    
    Adding tags
    
    Downloading IEM CA certificate
    
    Managing logs
    
    Importing certificates
    
    Enabling and disabling remote access
    
    Storing an Edge Device state
    
    Restoring an Edge Device state
    
    Edge Device system commands
    Edge Device system commands
    
    Edge Device system commands
    
    Updating an Edge Device
    
    Storing multiple Edge Device states
    
    Restoring IED states of multiple Edge Devices
  - Data Connections
    Data Connections
    
    Overview
    
    How to configure data connections
  - Certificate Management
  - App Projects (Previous design)
    App Projects (Previous design)
    
    Overview
    
    Authorized Apps
    Authorized Apps
    
    Overview
    
    Joining other projects
    
    Creating a project
    
    Editing a project
    
    Creating an app
    Creating an app
    
    Creating an app
    
    Creating an app - Parameters
    
    Assigning labels
    
    Enabling the external configurator
    
    App details
    
    App configurations
    App configurations
    
    Creating configurations
    
    Available app configurations
    
    Versioned configuration files
    
    Template based configurations
    
    File upload configurations
    
    Add configuration to app - Parameters
    
    IE Application Configuration Service
    IE Application Configuration Service
    
    Overview
    
    Installing the IE App Configuration Service manually
    
    Integration of the IE Acs compatible app configurations
    
    Downloading and checking app configuration
    
    Installing an app from my projects
    Installing an app from my projects
    
    Installing an app from my projects
    
    Installing an app via the IE ACS
    
    Updating an app configuration via the IE ACS
    
    Privileged and network mode
    
    Updating Edge Apps via the IE App Publisher
    Updating Edge Apps via the IE App Publisher
    
    Updating an Edge App
    
    Importing an Edge App to the IE App Publisher
    
    Uploading an Edge App to the IEM
  - User Management (Previous design)
    User Management (Previous design)
    
    My User Groups
    My User Groups
    
    Overview
    
    Creating and editing an user group
    
    Roles
    
    Adding apps
    
    Inviting members
    
    Removing apps
    
    My Admin Groups
    My Admin Groups
    
    Overview
    
    Creating and editing an admin group
    
    Roles
    
    Adding an Edge Device
    
    Inviting Members
    
    Joining other groups
    
    Removing and checking Edge Devices
  - Job status (Previous design)
    Job status (Previous design)
    
    Overview
  - Storage Management
    Storage Management
    
    Overview
    
    Manage firmware artifacts
  - Admin Management
    Admin Management
    
    Overview
    
    Dashboard
    
    Edge Devices
    Edge Devices
    
    Edge Devices
    
    Downloading logs
    
    Submitted apps
    Submitted apps
    
    Submitted apps
    
    Unpublishing apps
    
    Deleting apps
    
    Registered Users
    Registered Users
    
    Registered Users
    
    Transfer IEM access
    
    Manage Roles
    Manage Roles
    
    Manage Roles
    
    Creating a role
    
    My Admin Groups
    My Admin Groups
    
    My Admin Groups
    
    Creating an admin group
    
    Inviting members to an admin group
    
    Settings
    
    Security
    
    Device Catalog
    
    Licenses
    Licenses
    
    License Management in IEM Virtual / Pro / Cloud
    
    License Management in IEM OS (deprecated)
    License Management in IEM OS (deprecated)
    
    IE Licensing Service
    
    Creating and sending license report to IE Hub
    
    Installing the IE Licensing Service
  - Platform settings
  - Identity and Access Management
    Identity and Access Management
    
    Overview of IAM
    
    Authorization concept
    
    User management
    
    Security
    
    Adding identity provider
    
    Clients
    
    Guides
    Guides
    
    Verify users email address
    
    Known issues
    
    Technical overview
    
    Known issues
    
    Best practices
  - Category Filter Search Bar (Faceted Search)
Industrial Edge Device
Industrial Edge Device
- Setup and operate
  Setup and operate
- Utilize
  Utilize
  - Apps
  - Management
  - Statistics
  - Certificate Management
  - App Developer Mode
    App Developer Mode
    
    Overview
    
    Advanced View
  - Identity And Access Management
    Identity And Access Management
    
    Roles
  - My User Groups
    My User Groups
    
    Overview
    
    Creating and editing a group
    
    Roles
    
    Adding apps
    
    Inviting users
    
    Inviting registered Users
  - Catalog
  - Settings
    Settings
    
    Configuration
    
    Connectivity
    Connectivity
    
    Network and Layer 2 network access
    
    Proxy settings
    
    Docker network settings
    
    Registered ports
    
    IEM connectivity check
    
    System
    System
    
    System
    
    Enabling app developer mode
    
    Members
    
    Registered users
    
    Logging & Monitoring
    Logging & Monitoring
    
    Metrics Service overview
    
    Destination
    Destination
    
    Management
    
    Specs
    
    Examples
    
    Creating metrics configuration
    
    Export & Import configuration
    
    Global Settings & Limitations
    
    Metrics data
    
    Prometheus Support
    
    Best practices
    
    Resource Manager
  - Edge Device Notifications
  - Storage manager service
  - Audit Event
Security
Security
- General Data Protection Regulation (GDPR)
- Introduction to "Industrial Cybersecurity" for OT
- System Overview
- Certificates
- Operational environment - Example
- Contacted domain names
- IP protocols and ports IP protocols and ports
  Table of contents
  - Customer-reachable UIs
- Industrial Edge components - Security measures
  Industrial Edge components - Security measures
- Setup guidelines and recommendations
  Setup guidelines and recommendations
Updates & Migrations
Updates & Migrations
- Overview
- Updating the IEM Pro
- Updating the IEM Virtual
- Updating the IEM Cloud
- Switching Request IEM Cloud
- Updating the IEM OS (end-of-life)
  Updating the IEM OS (end-of-life)
- Updating Configurators (end-of-life)
- Updating Device Applications
- Updating Edge Devices
- Relocating Edge Devices
- Migrate to Management Apps
- Migrate IEM Virtual from VMware to Hyper-V

IP protocols and ports¶

The following table shows the required network settings of Industrial Edge. Customers need to apply ingress and egress rules in their firewalls to ensure the required connectivity between all Industrial Edge components:

IE Hub (IEH)IE Management (IEM)IE Device (IED)IE App PublisherIE Management Relay Server

Port	Protocol	Direction	IEM Offering	Usage
443	HTTPS	Ingress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	Industrial Edge Hub UI
2020	SSH	Egress	IEM OS	Remote support channel for the IEM

Port	Protocol	Direction	IEM Offering	Usage
123, UDP	NTP	Egress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	Network time synchronization
123, UDP	NTP	Ingress	Only relevant for IEM OS or IEMV if used as an NTP server. Optional feature	Network time synchronization, acting as server in IEM OS.
53, UDP	DNS	Egress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	Domain name resolution
80	HTTP	Ingress	IEM Virtual	Redirection to port 4443
443	HTTPS	Ingress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	IE Management UI
4443	HTTPS	Ingress	IEM Virtual	Initial setup UI. Service & Maintenance UI
9443, 9444	HTTPS	Ingress	IEM OS	IE Management UI
2020	SSH	Egress	IEM OS	Remote support channel for IEM OS.
9100, TCP	HTTP	Egress	IEM Virtual	Performance metrics for IEM Virtual (only when enabled)

Port	Protocol	Direction	IEM Offering	Usage
443	HTTPS	Egress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	IE Management UI
123, UDP	NTP	Egress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	Network time synchronization
443	HTTPS	Ingress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	Edge Device UI
9443, 9444	HTTPS	Egress	IEM OS	IE Management UI (with IEM self-signed certificates)
32500	SSH	Egress	IEM OS	Remote access for Edge Devices, port can differ depending on the device builder.
50051	gRPC	Egress	All	Enabling dynamic service discovery, integration, and management across distributed applications
53	DNS	Egress	All	DNS (Domain Name System) is crucial when Industrial Edge Devices need to resolve domain names into IP addresses. This functionality is especially important for accessing services such as the Industrial Edge Management Cloud.

Port	Protocol	Direction	IEM Offering	Usage
443	HTTPS	Egress	IEM OS, IEM Pro, IEM Virtual, IEM Cloud	IE Management UI
9443	HTTPS	Egress	IEM OS	IE Management UI

Port	Protocol	Direction	IEM Offering	Usage
32500	SSH	Ingress	IEM OS	Remote access for Edge Devices

The following figure shows data traffic and the involved ports as an example:

traffic and ports

Customer-reachable UIs¶

For the IEM, IP-based or DNS-based operation is determined during the setup and cannot be changed afterwards. With an IP-based setup, the self-generated certificates from the IEM are always used. With a DNS-based setup, user-generated certificates are possible and mandatory. IEDs are always being onboarded using self-generated certificates from the IEM. These certificates can be exchanged with user-generated certificates. The IEM certificates cannot be restored.

IE component	IP-based setup	DNS-based setup	IEM Offering	Remark
IEM	https://<IP>/	https://<IEM-name>/	IEM OS, IEM Virtual	-
IEM-Registry	https://<IP>/v2/	https://<IEM-registry>/v2/	IEM OS	Must be accessible for all connected IEDs
IED	https://<IP>:443	https://<IED-name>:443	-	If DNS is used, name must be included in certificate

For older VM based IEM setup you can refer these URLs.

IE component	IP-based setup	DNS-based setup	IEM Offering	Remark
IEM OS	https://<IP>:443	-	IEM OS	DNS not possible
IEMA	https://<IP>:9443	https://<IEM-name>:443	IEM OS	-
IEM-Registry (For ISO based IEM)	https://<IP>:9444	https://<IEM-registry>:443	IEM OS	Must be accessible for all connected IEDs
IED	https://<IP>:443	https://<IED-name>:443	-	If DNS is used, name must be included in certificate